I checked my email adress on the site https://haveibeenpwned.com/ and it is found in databases "Anti Public Combo List" and "Onliner Spambot". Perhaps one of those includes the storagereviews user data.

Share on other sites

From what I can tell someone most likely breached an old account with an unchanged password, logged into the admin console here and sent out a bulk email. We've since pruned all the old admin accounts and reset passwords. It was sent through the bulk mail feature built into the forums itself, selecting all the users as recipients. So individual account as far as we can tell were not breached, just someone getting into an admin account.

Right now the email engine on the server is disabled and the port is blocked at the firewall to prevent anything more from coming through while we check through all the layers.

Share this post

Link to post

Share on other sites

I did not get this email, or any other from SR in the last 48 hours. Checked my trash & spam folders to be sure. My email addy with the board is valid. Perhaps SR interrupted outgoing mails before it got to mine.

Advice from an admin on an unrelated board: they want to download the user table. Preferably via SQL access, makes it easier and faster. They want the hashed passwords, salts, and email addresses. Over time they can crack the hashes, making the dump much more valuable than emails alone. They may also be interested in the private message table, in case any users exchanged email addresses.

Hope everyone uses unique random passes on every site. That's the way to go. Once SR is sure they're clean, I'll update mine.

Share on other sites

When most of this started happening, we had our host kill port 25 at the firewall level, then we started flushing the email queue. We just started opening it up slightly yesterday to monitor outgoing email traffic. But that is why many site-generated emails are slow or not moving out at all. Lots of them probably got caught up in the queue purge as well.